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CHAPTER  1  I 1 T-,  -,..-.        I 

'lie  Introduction 

Automated  theorem  proving  (ATP)  is  a  central  theme  in  Artificial 
Intelligence.  It  has  direct  application  in  the  building  of  inference 
engines,  explanation  generation,  program  verification,  and  other 
applications  requiring  some  form  of  mechanical  reasoning. 

There  are  some  large  problems  currently  in  ATP.  The  first  problem  is 
that  the  search  space  tends  to  e:5)lode  combinatcxially.  Alan  Bundy  in 
[2]  said,  "An  unguided  theoran  prover  can  prove  trivial  theorems  by 
sheer  brute  strength,  but  collapses  under  the  weight  of  anything  the 
least  bit  difficult."  He  found  that  current  guidance  heuristics  cut  the 
search  space  roughly  in  half  (in  his  example,  from  1021  elements  to  lOll 
elements.)  The  other  major  problem  is  that  the  prover  has  no  way  of 
knowing  that  it  may  be  searching  down  an  infinitely  long  path.  (These 
paths  are  known  as  "black-holes,"  because  once  the  program  goes  into  one 
it  never  comes  out.) 

Bibel,  in  [3] ,  has  suggested  that  these  guidance  heuristics  are  just 
substitutions  for  structural  insight.  In  this  thesis,  a  procedure  is 
set  forth  that  gives  a  machine  some  understanding  of  structure. 
Semantics  of  structure,  as  discussed  in  Chapter  3,  appear  at  first  to  be 
part  of  syntax.  This  is  because  all  of  the  symbols  denoting  structure 
have  fixed  interpretaticxis.  It  is  not  these  fixed  interpretations,  but 
the  combination  of  them  that  gives  the  statement  its  structure  and 
meaning.  Each  statement  combines  these  fixed  interpretations 
differently.  By  using  the  semantics  of  structure,  a  procedure  may  be 
generated  that  has  a  search  space  like  that  of  a  logician  and,  as  we 
will  see,  is  able  to  tell  us  when  it  is  investigating  a  potentially 
infinite  path.  If  it  finds  an  end  to  this  potentially  infinite  path,  it 
can  inform  us  of  that  as  well.  The  use  of  this  structural  knowledge 
will  allow  the  new  procedure  to  reason  out  more  difficult  proofs, 
instead  of  out-running  it  with  "brute  strength." 
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Ihis  thesis  contains  a  total  of  seven  chapters.  In  the  second  chapter, 
the  notations  of  the  thesis  are  defined.  Chapter  3  contains  a 
discussion  of  semantics  of  structure.  In  Chapter  4,  current  proof 
procedures  for  both  logician  and  machine  are  discussed.  The  new  proof 
procedure  is  introduced,  as  well  as  contrasted  with  current  procedures 
in  Chapter  5.  The  remaining  two  chapters  give  details  of  the 
implementation  of  the  net}  proof  procedure  and  the  conclusions  of  this 
thesis. 


CHAPTER  2 
Notation 


Ihe  purpose  of  this  chapter  is  to  define  briefly  the  three  calculi  with 
which  this  thesis  is  concerned.  These  claculi  are:  (1)  notation  of 
classical  predicate  calculus  used  fcy  logicians;  (2)  the  calculus  used 
to  communicate  formulas  to  a  machine;  and  (3)  the  notation  used 
predaninantly  in  this  thesis.  The  second  and  the  third  are  syntactic 
variants  of  the  first. 

In  all  of  these  calculi,  the  symbols  used  for  predicates,  constants,  and 
variables  will  be  the  same. 

Predicates  — >  P,  Q,  R,  S  ... 
Constants  — >  a,  b,  c,  d  ... 
Variables    — >  w,  x,  y,  z  ... 

It  is  assumed  that  these  symbols  are  countably  infinite  in  number. 


2.1    ClassiccQ.  Predicate  Calculus 

The  classical  predicate  calculus  referred  to  here  is  the  same 
as  that  defined  in  the  first  section  of  the  second  ch^er  of 
[1].  This  calculus  uses  the  infix  connectives  ~,A,v,3,  and 
S  as  symbols  for  the  negation,  conjunction,  disjunction 
conditional  and  biconditional  operations  respectively.  The 
quantifiers  used  are  the  existential  (3)  and  the  universal 
(V) .  Parentheses  or  brackets  m^  be  used  as  grouping  symbols. 
In  reading  the  examples,  assume  that  P  stands  for  "is  a 
Person"  and  Q  stands  for  "Loves, "  also  "a"  st:ands  for  John  and 
"b"  stands  for  Sue.  Sane  examples  of  the  classical  predicate 
calculus  and  their  meaning  are  given  in  Figure  1. 


Classical  Predicate  Calculus 


English 


1. 


-Pb 


Sue  is  not  a  Person 


2. 


Pa 


John  is  a  Person 


3.  VxPx 


For  all  X,  x  is  a  Person 


4. 


Qab 


John  Loves  Sue 


5. 


Vx3y(Pxz>Q3Q') 


For  all  X,  there  exists  a  y, 
such  that  if  X  is  a  person, 
then  X  Loves  y.  (Every 
person  Loves  someone) 


6.  Vxyz[(Qxy  A  Qyz)o  Qxz] 


For  all  X,  y,  and  z,  if  x 
Loves  y  and  y  Loves  z  then  x 
Loves  z. 

(AxiOTi  of  transitivity  for 
the  predicate  Loves.) 


Figure  1 
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These  examples  are  all  well-formed  formulas  (WFF's)  of  the 
calculus,  but  the  truth  of  these  statanents  is  not  eJ5>licitly 
stated  in  the  calculus. 


2.2    A  Predicate  Calculus  for  a  Machine 

Bus  calculus  differs  only  slightly  f ran  the  one  discussed  in 
2.1.  The  changes  were  made  in  order  to  be  able  to  use  a 
standard  typeface  and  to  aid  the  machine  in  parsing  the 
calculus. 

The  typographical  changes  are  the  following  ~,  +,  -,  IF,  IFF, 
$,  *  are  used  for  ~,/\, V,3,  =  ,  1^,3  respectivelyl. 

There  were  three  changes  made  to  the  standard  calculus  to  make 
it  easier  for  the  machine  to  parse  the  input.  The  first 
change  is  that  the  statement  must  be  fully  parenthesized,  for 
exanple,   the  statement: 

Pa  /\  Qa  A  Ra 

will  be  written  as: 

,    .     ( (Pa  A  Qa)  /\  Ra)     or     (Pa  A  (Qa  A  Ra) ) 

(whichever  is  mare  natural).  The  grouping  here  is  not  important. 
The  second  of  these  changes  is  that  the  operators  are  in  prefix 


1  The  author  chose  $  as  the  universal  quantifier.  After  all, 
"Money  is  the  universal  language." 


'p^;-^ 


form,  not  infix.  There  is  no  change  in  the  meaning  of  the 
operators,  just  location.  Bie  last  change  is  that  quantifiers  m^ 
quanti^  only  one  variable  at  a  time.  Ihis  difference  is  shown  in 
Example  6  in  Figure  2.  Also  note  in  Figure  2  that  the  predicates 
are  parenthesized. 


(  «; 


Classical  Predicate  Calculus  Machine 

1.  "Pb  r  (P(b))) 

2.  Ba  (P(a)) 

3.  Vx  Px  ($x  (P(x))) 

4.  Qab  (Q(a  b)) 

5.  Vx3y  (Px  3  Q:^)  ($x  (*y  (IF  (P(x))    (Q(xy))))) 

6.  Vxyz  ((QxyA  Qyz)    O    Qxz)      ($x  ($y  ($z 

(IF  (+  (Q(xy))(Q(y  z))) 
(Q(x  z))   )   )   )   ) 


Figure  2 


2.3     The  Notation  Used  In  This  Thesis 

Bie  notation  used  in  this  thesis  is  a  hybrid  of  the  notations 
in  Sections  2.2  and  2.3.  It  is  the  classical  notation  with 
the  substitutions  made  to  allow  for  a  standard  typeface.  This 
means  it  is  in  infix  form  and  not  necessarily  fully 
parenthesized.     (See  Figure  3) 


Classical  Predicate  Calculus  niesis 


1. 

~Pb 

~Pb 

2. 

Ea 

Pa 

3. 

Vx  Px 

$x  Px 

4. 

Qab 

Qab 

5. 

Vx3y 

(Px^  Qxy) 

$x  *y  (Px  IF  Qxy) 

6. 

Vxyz 

( (Qxy  A  Qyz)  O 

Qxz) 

$xyz  ( (Qxy  +  Qyz)   IF  Qxz) 

Figure  3 
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2.4    Final  Comments  on  Notation 

It  is  easy  to  see  that  these  three  calculi  have  equivalent 
expressive  power.  It  is  also  quite  easy  to  move  from  one 
notation  to  another.  This  was  dons  intentionally  to  make  it 
easy  to  take  formulas  from  a  book  and  present  them  to  the 
machine  for  analysis  without  having  to  make  an  unnecessary 
transition  to  a  normal  form. 


i  , 


•I 


CHAPTER  3 

Semantics 


Biere  are  two  types  of  semantics  in  predicate  calculus.  They  are 
semantics  of  "interpretation"  and  "structure."  The  semantics  of 
interpretation  has  to  do  with  the  meaning  of  predicates  and  determining 
the  truth-value  of  atonic  statements.  This  information  is  domain 
dependent  and  not  of  particular  interest  in  this  thesis.  Bie  semantics 
of  structure  is  set  forth  belcw  in  Section  3.1. 

Bie  rest  of  this  chapter  is  devoted  to  a  discussion  of  tiie  sonantics  of 
structure,  their  relation  to  proof  procedures,  and  the  consideration  of 
semantics  of  structure  in  the  choice  of  syntactic  constructs.  A  brief 
discussion  of  normal  forms  is  also  included, 

3.1    Semantics  of  Structure 

The  semantics  of  structure  provide  the  meanings  of  the 
elements  of  the  calculus  that  allow  one  to  create  compound 
statanents.  In  the  calculi  of  Chapter  2,  the  structural 
elements  were  the  five  connectives  and  two  quantifiers,  +,  - 
,IF,  IFF,  ~,  *,  and  $.  Semantics  of  structure  is  also 
involved  with  the  relationship  of  the  structure  of  a  statement 
and  its  meaning  with  respect  to  the  meaning  of  its 
substatements. 

These,  however,  are  not  the  only  structural  elements  one  could 
use  in  creating  a  calculus.  Other  first  order  structural 
elonents  would  include  functions  and  equality. 

Seme  notations  show  their  structural  features  better  than 
those  we  have  seen  so  far.  These  include  the  graphical 
notation  of  Frege  and  the  box  notation  of  Peirce. 
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All  these  notaticais  can  to  express  the  cx)ncepts  in  a  first 
order  logic,  Ihey  are  all,  in  this  sense,  equivalent.  Uiis 
is  to  say,  these  notations  can  have  the  same  semantics  of 
interpretation. 

The  semantics  of  the  structure  of  these  notations  are, 
however,  different2.  This  difference  allows  for  a  shift  of 
emphasis  in  the  meaning  of  statements  of  the  calculus.  This 
difference  may  be  used  to  make  it  easier  to  read  or  easier  to 
prove  theorems.  An  example  of  this  in  English  is  the 
structural  change  in  a  sentence  when  the  voice  is  changed  from 
active  to  passive.     For  example: 

Mary  ate  the  cake. 

implies  that  Mary  performed  the  action  of  eating  the  cake,  as 
opposed  to: 

TUhe  cake  was  eaten  by  Mary. 

which  implies  that  the  cake  was  eaten  and  that  it  was  Mary  who 
ate  it.  In  the  first  sentence,  the  emphasis  is  that  Mary  was 
doing  something  and  in  the  second,   the  em^iasis  is  that  the 

cake  was  having  something  done  to  it. 

i    ■■■  ■ 

The  next  section  looks  at  how  the  semantics  of  structure  is 
related  to  proof  procedures. 


2     Note:     All  of  the  notations  presented  in  this  thesis  have 
the  same  semantics  of  structure. 
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3.2    The  Relation  of  Sonantics  of  Structure  to   Proof 
Procedures 


It  is  rare  for  a  logician  to  discuss  semantics  of  structure. 
Most  of  the  time,  a  logician  will  simply  define  a  notation 
which  is  convenient  to  his  purposes.  Semantics  of  structure 
is  often  viewed  as  part  of  syntax.  This  is  because  the 
semantics  of  the  structure  of  syntax  has  a  fixed 
interpretation,  for  example,  the  "or"  symbol  always  means 
disjunction.  The  part  of  semantics  of  structure  that  is 
interesting  is  not  the  fixed  interpretation  of  syntax,  but  the 
combination  of  these  fixed  interpretations  in  a  theoron  and 
how  this  affects  proof  procedures. 

In  all  proof  procedures,  the  semantics  of  structure  must  be 

used.     Sane  of  this  information  is  used  explicitly,   such  as 

statement-substatenent  relationships.     Some  information  is 

used  implicitly  in  the  form  of  rules  which  guard  the  soundness  (■ 

of  the  algorithm.  ^^'- 

The  role  of  semantics  of  structure  can  be  more  clearly 
identified  in  a  specific  example.  The  example  chosen  here  is 
a  method  of  building  consistency  trees  (a  form  of  proof  by 
contradiction)   from  [1] .     The  proof  procedure  is  laid  out  in  /, 

sane  detail  in  the  three  parts  of  Figure  4. 

In  this  procedure,  considerations  for  the  semantics  of 
structure  are  made  in  two  ways.  The  first  involves  the 
statement-substatement  relationships.  These  relations  are  the 
connective  rules  of  Figure  4C  and  General  Rule  B  in  Figure  4A. 
These  rules  guarantee  that  statements  are  properly  decanposed 
into  their  substatements,  and  the  stbstatements  are  added  to 
all  branches  of  the  proof  to  which  it  is  appropriate. 
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The  notion  of  checked  and  unchecked  statanents  keeps  one  from 
decomposing  the  same  statonent  over  and  over.  It  should  be 
noted  that  the  universally  quantified  statonent  is  never 
checked,  meaning  the  procedure  may  run  forever.  Ihis  notion 
of  checked  and  unchecked  statements  is  also  tied  to  tiie  other 
way  in  which  the  meaning  of  the  symbols  is  considered.  This 
is  quantifier  scope. 


j&f_ 
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A.  A  branch  must  be  closed  as  soon  as  both  a  statement  and 
its  negation  appear  on  it. 

B.  Any  statonent  that  is  not  universally  quantified  must  be 
checked  off  when  decanposed  by  the  appropriate  rule,  and 
the  statements  into  which  it  decomposes  must  be  added  to 
the  bottan  of  all  the  branches  which  may  be  traced  back  to 
it. 

C.  When  decomposing  an  (unnegated)  existential  quantification 
or  negated  universal  one,  "instantiate"  it  on  each  open 
branch  through  the  statement  by  means  of  the 
alphabetically  earliest  term  foreign  to  that  branch  (or, 
if  preferred,  by  means  of  the  alphabetically  earliest  term 
foreign  to  every  branch  on  which  it  is  to  be 
"instantiated") . 

D.  When  decomposing  an  (unnegated)  universal  quantification 
or  negated  existential  one,  "instantiate"  it  on  each  open 
branch  through  the  statonent  ty  means  of  all  (and  only) 
the  terms  that  have  occurred  so  far  along  that  branch, 
emitting  the  "instances"  of  the  statement  that  already 
appear  on  the  branch.  If  no  term  has  yet  occurred  along  a 
given  branch,  choose  a  new  one. 


Figure  4A 
General  Rules  £or  the  LeBlanc  and  Wisdom  Procedure 


16 


1.  Write  down  the  negation  of   the  theorem.    (This  is  the 
"Root"  branch.) 

2.  Is  there  an  open  branch  on  which  all  the  statements  are 
checked? 

No:    Go  to  step  3. 
Yes:     Hie  theorem  is  unprovable. 

3 .  Is  there  an  unchecked  statanent  on  an  open  brandi  to  which 
a  connective  rule  applies? 

No:    Go  to  step  4. 
Yes:    Apply  the  relevant  rule  to  it. 
Go  to  step  2. 

4.  Is  there  an  unchecked  statement  on  an  open  branch  of  the 
sort  *x  A  or  ~  $x  A? 


No:    Go  to  step  5, 

Yes:    i^ly  the  relevant  rule  to  it. 
Go  to  step  2. 


5.    Are  there  any  statements  on  an  open  branch  of  the  sort  $x 
A  or  ~  *x  A? 

No:    The  theorem  is  provable. 
Yes:    Apply  the  relevant  rule  to  every  one  of  them. 

5. a.     Is  there  an  open  branch  to  which  no  new  line  was 
added? 

No:    Go  to  step  3. 
Yes:     Bie  theoran  is  unprovable. 


Figure  4B 
Proof  Procedure  from  LeBlanc  and  Wisdom 
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These  rules  are  just  for  the  decanposition  of  statements  and 
should  be  applied  using  Rule  B  of  the  general  rules, 

The  rules  are  best  shown  graphically: 


ADBt^  A&.B\^       ASB\^  AsBt/' 

"A  B  g  A  B  A  --A 

B  '-B 

"{A  sB)u^ 


A  ^A 

"B  B 


INTERPRETATION: 

*  The  conjunction  rule  should  be  read  as:  add  both 
oonjuncts  to  the  end  of  every  open  branch  which  it  is  on. 

*  The  oonditioral  as:  fork  the  aid  of  each  open  branch  and 
add  the  negation  of  the  antecedent  to  one  side  and  the 
consequence  to  the  others. 


Figure  4C 
Connective  Rules 


18 


The  considerations  made  for  quantifier  scope  are  quite 
important.  The  violation  of  quantifier  scoping  rules  is  a 
canmon  fallacy  in  predicate  calculus.  The  fallacy  can  cause 
not  only  the  generation  of  incorrect  proofs  of  true 
statements,  but  also  seemingly  good  proofs  of  false 
statements. 

The  considerations  for  scope  made  in  this  proof  procedure  are 
in  both  rules  and  the  structure  of  the  procedure  itself.  Bie 
rules  involved  are  C  and  D  from  Figure  4A.  These  state  that 
existential  quantifiers  may  only  be  instantiated  for  new 
constants  on  a  given  branch  and  that  universals  must  be 
instantiated  for  all  constants  on  a  branch  for  which  the 
universal  has  yet  to  be  instantiated.  The  proof  procedure 
insures  tiiat  the  outermost  quantifiers  are  instantiated  before 
the  inner  ones. 

These  two  considerations  insure  that  when  an  existential 
quantifier  is  inside  the  scope  of  a  universal,  as  in  Statement 
5  of  Figure  1,  the  quantifiers  are  not  instantiated  to  the 
same  constant  in  any  single  instance  of  the  statement.  These 
considerations  also  insure  that  statements  are  properly 
quantified  before  they  are  broken  into  substatements. 

Many  of  these  considerations  will  become  more  important  in 
later  chapters  in  the  discussion  of  decidability, 
completeness,  and  soundness. 


3.3     Semantics  and  the  Choice  of  Syntax 

As  shown  in  the  previous  section,  a  proof  procedure  is  tied 
both  implicitly  and  explicitly  to  the  structural  sanantics  of 
a  calculus.  In  Section  3.1  it  was  shown  how  different 
structural   elements  can  shift  the  characteristics    of   a 
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calculus.  It  is  important  for  the  purpose  of  this  thesis  to 
choose  a  syntax  whose  structural  semantics  facilitate  the 
machine  generation  of  proofs. 

There  are  four  basic  types  of  structural  elements3  of  a 
calculus.  They  are  connectives,  quantifiers,  equalities,  and 
functions.  A  minimal  calculus  usually  contains  two 
connectives  (negation  and  conjunction),  and  one  quantifier 
(the  universal) .  To  this  minimal  systan,  many  add  the  other 
connectives  (such  as  the  ones  in  Chapter  2)  ,  and  the 
existential  quantifier.  This  is  done  to  aid  the  logician  in 
the  expression  of  complex  statements. 

The  semantics  of  structure  of  these  other  elements  is  very 
similar  to  the  three  elements  of  the  minimal  system  above. 
Because  of  this,  a  procedure  is  not  complicated  significantly 
by  adding  these  elements.  Note  that  by  removing  these  extra 
connectives,  the  routine  outlined  in  Figure  4  would  not  be 
simplified.  There  would  be  fewer  rules  to  use  from  Figure  4C. 
These  elements  have  been  added  to  give  a  richer  set  of 
connectives  to  a  logician. 

The  equalities  are  notions  such  as  equality,  greater  than, 
less  than,  and  so  on.  These  elements,  unlike  the  extra 
connectives,  have  sanantics  that  are  not  similar  to  anything 
in  the  minimal  system.  They  are  expressed  in  the  minimal 
system  as  special  predicates  and  sane  statanents  (axioms)  that 
express  the  concepts  of  transitivity,  reflexivity. 


3  For  ease  of  parsing  and  simplicity,  only  written 
notations  are  considered  here  for  machine  use.  An  interface 
to  grajiiical  notions  could  be  applied. 
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associativity,  and  so  on  for  each  predicate.  By  not  including 
the  equalities,  the  logician  may  lose  a  little  ease  of 
expression  with  these  concepts,  but  not  the  ability  to  express 
than.  This  also  allows  a  procedure  to  concern  itself  with  one 
fewer  type  of  structural  semantics. 

The  same  argument  may  be  made  for  functions,  except  that  the 
equivalence  to  the  minimal  systan  is  less  obvious.  For  this 
equivalence,  see  the  work  of  Skolem.  There  is  also  another 
argument  to  ooisider  with  f unctionals. 

This  argument  is  presented  ty  Bundy  in  [2] .  It  says  basically 
that  for  a  function  (f(x)  =  y) ,  the  existence  of  a  suitable  y 
for  a  given  x  and  the  uniqueness  of  that  y  must  be  guaranteed. 
This  further  canplicates  the  consideration  of  the  structural 
semantics  of  functionals. 


3.4    Connaents  on  Normal  FonDs4 

Traditi orally,  automated  theorem  provers  have  used  conjunctive 
normal  form  for  input.  Ihis  choice  was  made  in  order  to  make 
it  easy  for  the  machine  to  read  input  e^^jressions. 

Conjunctive  normal  form  does  have  some  quite  distinct 
disadvantages.  One  major  problem  is  that  the  move  to 
conjunctive  normal  form  involves  skolemization  to  eliminate 
exsistential  quantifier.  Bibel  in  [3]  has  shown  that 
skolemizing  can  increase  the  length  of  a  formula 
quadratically.     He  also  points  out  that  this  increase  is 
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4  A  normal  form,  in  the  words  of  John  Robinson  [8] ,  is  just  "a 
standard  way  of  saying  things,"  or  a  way  of  saying  what  something 
says  in  a  fixed  format. 
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significant  in  all  but  trivial  theorems,  and  has  a  serious 
effect  by  increasing  the  time  and  space  required  to  process 
the  theoron. 

Bibel  also  points  out  that  conjunctive  normal  form  (CNF)  is 
not  good  for  interactive  theorem  provers  because  it  is  hard  to 
read  [3] .  Bundy  shows  many  places  in  [2] ,  how  semantic 
information  can  be  used  to  limit  the  search  space.  In  the 
move  to  conjunctive  normal  form,  it  is  necessary  to  use  the 
semantics  of  structure  in  order  to  remove  the  natural 
structure  of  the  theorem.  This  move  to  conjunctive  normal 
form  causes  quantifiers  to  be  moved  outward.  Ihis  is  called 
prenex  normal  form  (all  the  quantifiers  in  front).  Bibel 
danonstrates  tiiat  moving  quantifiers  inward  into  the  formula, 
instead  of  outward  as  in  CNF,  leads  not  only  to  a  quicker 
proof,  but  also  a  simpler  one.  He  has  proven  in  [9]  that  the 
proof  can  never  be  made  more  complex  by  this  inward  move. 
This  process  of  moving  quantifiers  inward  he  calls 
antiprenexing.  Prenexing  is  done  by  using  a  set  of  structural 
transformation  equivalences.  Since  these  are  equivalences, 
they  may  be  reversed  and  the  same  set  is  used  for 
antiprenexing. 

From  this  we  can  infer  that  the  more  highly  structured  the 
theoran,  the  faster  a  proof  may  be  found,  and  the  simpler  it 
will  be. 

Another  blow  against  normal  forms  comes  frcm  cognitive 
psychology.  This  is  the  fact  that  humans  tend  naturally  to 
group  related  items  by  relevant  factcts.  This  grouping  would 
tend  to  make  proofs  shorter  and  simpler  again  because  related 
items  are  found  together.  The  move  to  a  normal  form,  again 
destroys  this  r^tural  grouping. 

Normal  forms,   although  they  are  easier  for  a  machine  to  read. 
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have  sane  very  serious  drawbacks.  These  drawbacks  warrant  not 

using  them.  %, 

In  Chapter  4  current  proof  procedures  are  examined.  Although 
not  mentioned  explicitly,  the  reader  should  notice  the  role  of 
semantics  in  the  procedures  examined. 


CHAPTER  4 
Proof  Procedures 


In  1900 r  at  the  International  Congress  of  Mathematicians  in  Paris,  David 
Hilbert  presented  a  list  of  unsolved  problems  in  mathematics.  The  23rd 
problan  on  this  list  was  to  discover  a  procedure  that  will  determine 
whether  any  arbitrary  statonent  of  the  classical  predicate  calculus  is 
true  or  false. 

The  purpose  of  this  chapter  is  to  discuss  prooE  procedures,  for  both 
humans  and  machines.  In  the  first  section,  a  basis  for  proof  procedures 
is  presented  that  is  formed  mainly  fran  definitions  of  terms  and  the 
works  of  Church  and  others. 


4.1    Soundness,  Completeness  eind  Decidability 

If  a  theorem  is  valid,  a  "complete"  proof  procedure  will 
produce  a  proof  for  it.  If  a  proof  procedure  is  "sound",  it 
will  produce  proofs  only  for  valid  theorems.  All  of  the 
procedures  presented  here  have  these  properties.  These 
properties  are  of  great  importance  since  they  establish  the 
credibility  and  reliability  oE  the  procedures.  For  further 
information  about  the  soundness  and  completeness  of  a 
particular  proof  procedure,  refer  to  the  references  for  that 
procedure  . 

Whether  or  not  a  proof  procedure  for  the  predicate  calculus 
may  be  "decidable"  is  Hilbert' s  23rd  problem.  Many  people 
worked  on  this  problen,  most  notably  Church,  Skolem,  and 
Peter.  Skolem  tried  to  produce  a  decision  procedure  through 
the  use  of  a  series  of  structural  transformations,  (one  of 
which  was  seen  in  Chapter  3  as  Skolenization) .  His  attempt 
failed.     Church  in  his  1936  thesis  conjectured  that  there  can 
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not  be  a  mechanical  decision  procedure  for  predicate  calculus. 
This  has  never  been  proved.  Peter,  along  with  sane  other 
Hungarian  mathenaticians,  have  objected  to  Church's  thesis. 
Probably  the  greatest  argument  against  Church  is  that  made  by 
Kalmar  [6].  Kalmar  has  proved  that  if  Church's  thesis  is 
true,  then  there  exists  a  simple  proposition  which  we  know  is 
true,  but  cannot  prove  in  any  way.  This  issue  is  a  difficult 
one  and  has  been  a  sore  point  with  theorem  provers  for  many 
years. 

The  proof  procedures  presented  in  this  paper,  wnile  they  are 
sound  and  complete,  are  not  decidable.  They  are  called 
semidecidable.  Sanidecidable  procedures  give  correct  proof 
for  valid  theccams  and  can  also  provide  counter-examples  for 
invalid  ones  when  it  stc^.  The  problem  is  that  many  invalid 
thecarems  cause  non-terminations  in  proof  procedures.  This 
phenomenon  of  non-termination  is  often  referred  to  as  a  black- 
hole.  It  is  called  a  black-hole  because,  when  the  procedure 
falls  in,  it  never  comes  out  again.  It  is  caught  in  an 
endless  cycle  of  sane  sort. 


4.2    Human  Proof  Procedures 

The  proof  procedure  presented  here  is  that  described  in 
Chapter  3  (Figure  4) .  This  procedure  is  from  LeBlanc  and 
Wisdom  [1].  It's  roots,  as  for  most  human  procf  procedures, 
is  sanantic  tableau  from  Beth  [7] .  Additional  discussion  may 
be  found  in  Jeffries   [6] . 

LeBlanc  and  Wisdom  define  four  categories  into  which  a 
statement's  proof  tree  may  fall.  A  discussion  of  each 
category  follows. 
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4.2.1    CATEGORY  li     A  Closed  Tree. 

The  first  case  occurs  when  all  branches  of  a  proof  tree 
contain  a  closure,  i.e.,  a  statement  and  its  negation.  When 
this  happens,  the  theorem  is  valid.  It  has  beei  shewn,  by  a 
closure  on  each  branch,  that  there  is  no  possible  instance  for 
which  the  statement's  negation  can  be  true.  This  is  checked 
in    Figure  4B,  Step  5. 


4.2.2     CATBG0RY2:An    Open   Branch   With    All    of    the 

Statements  Checked. 


This  case  represents  an  instance  in  which  the  statement's 
negation  is  consistent,  meaning  the  statonent  is  not  valid.  A 
counter-example  may  be  generated  from  the  truth  values  of  the 
atonic  statements  on  the  branch.  Itiis  is  checked  in  Figure 
4B,  Step  2. 


4.2.3     CATEGORY  3:  New  Instances  Could  be  Added,   but  It 

Would  Be  Pointless. 


Biis  case  is  checked  in  Figure  4B,  Step  5A.  Category  2  occurs 
when  the  only  unchecked  statanents  are  universally  quantified 
statements  that  produce  no  new  constants  when  instantiated, 
for  example,  the  statement  $x  Px.  The  point  is  that  no 
information  is  gained  by  further  instantiations.  In  this 
case,  an  infinitely  long  open  branch  has  been  found.  As  in 
Case  2,  the  theorem  is  invalid  and  a  counter  example  may  be 
generated  from  the  branch. 
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4.2.4    CATEGORY  4:     Black-Holes 

Category  4  occurs  when  a  statement  of  the  general  form  ($x  ... 
(*y  ...))  is  found  that  doesn't  produce  a  closure.  When  this 
happens  the  procedure  cycles  endlessly  through  Steps  4  and  5, 
generating  n&i  constants.  To  canplicate  matters,  Steps  3  and 
2  may  be  used  many  times  in  each  cycle.  Another  possibility 
is  that  the  cycles  between  Steps  4  and  5  may  be  nested  as 
well.  These  complications  and  the  fact  that  one  doesn't  know 
if  the  statement  will  produce  a  closure  makes  it  very 
difficult,  in  general,  to  decide  if  the  procedure  runs  forwer 
or  just  for  a  very  a  long  time. 

Most  logicians  eventually  recognize  that  they  are  rotating 
themselves.  Due  to  the  difference  in  memory  structures  and 
means  of  recognition,  it  is  highly  unlikely,  at  this  time, 
that  a  machine  do  this.  The  method  simply  does  not  tell  you 
that  you  are  cycling  within  a  black-hole. 


4.3    Machine  Proof  Procedure 

Resolution,  v/hich  was  chosen  primarily  for  its  simplicity,  has 
dominated  automated  theorem  proving  since  1969.  Since 
Robinson's  early  work  [11]  many  enhancenents  have  been  made. 
These  improvements  were  contributed  mainly  by  Bledsoe  [12] , 
Beyer  and  Moore  [13] ,  Loveland  [14] ,  and  Wos  [15] . 

The  simplicity  of  resolution  is  that  it  is  based  on  a  single 
rule  of  inference,  the  cut  rule.  The  cut  rule  is  also  known 
as  the  complex  dilemma  and  is  a  generalization  of  modus 
ponens.  An  example  of  the  cut  rule  is:  if  given  the  formulas 
~A  V  B  and  A  V  C,  one  may  infer  fran  these  and  the  cut  rule 
the  formula  B  v  C.  The  idea  of  resolution  is  to  end  up  with 
an  anpty  resolvent.      This  means   that  none  of   the  original 
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alternatives  could  possibly  be  true,  and  again  we  have  a  form 
of  proof  by  contradiction. 

Resolution,  however,  has  a  few  problans.  The  first  is  the 
input  must  be  in  conjunctive  normal  form.  Ihis,  as  shewn  in 
Chapter  3,  destroys  much  useful  information,  besides  making 
the  theoran  harder  to  read.  Also,  since  conjunctive  normal 
form  requires  skolanization,  there  are  "skolan"  functions  or 
predicates  now  in  the  thecarem  that  have  a  somewhat  unclear 
meaning. 

The  second  problem  with  the  resolution  technique  is  that  the 
search  space  grows  exponentially.  This  grcwth  occurs  because 
the  resolvent  clause  is  added  to  the  set  of  clauses  and  then 
resolution  is  performed  again.  An  excellent  example  of  this 
is  give  by  Bundy  in  Section  7.2  of  [2].  In  this  example, 
Bundy  gives  a  problem  f  ran  group  theory.  The  problem  requires 
a  minimum  of  42  resolutions  to  solve  and  has  an  average  fanout 
of  three,  "niis  means  the  search  space  contains  about  1021 
elements.  By  using  a  heuristic  technique  called 
paramodulation,  the  search  space  was  curbed  to  about  1011 
elements.  What  this  tells  us  is  that  we  cannot  overpower 
problems. 

The  third  major  problan  is  that  resolution  falls  into  black- 
holes,  just  as  the  LeBlanc  and  Wisdom  procedure  did  (see 
Figure  5) .  Resolution  also  does  not  know  when  or  if  it  has 
fallen  into  a  black-hole. 


4.4    The  Need  for  New  Proof  Procedures 

As  shown  above,  when  a  proof  procedure  drops  into  a  black- 
hole,  there  is  no  warning  and  the  only  way  to  stop  is  for  a 
human  to  realize  sanething  has  gone  wrong.      In  the  case  of  a 
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manual  procedure,  it  is  the  realization  of,  "Haven't  I  just 
done  this?"  and  then  looking  for  the  r^^eating  pattern.  In 
the  case  of  an  autanated  procedure,  it  is  a  guessing  game,  "Is 
the  tree  infinite  or  just  very  large?"  This  analysis  is 
hindered  because  that  the  search  space  is  very  large  and  we 
can't  overpower  it,  even  with  heuristics. 

There  is  a  need  for  a  new  type  of  automated  proof  procedure. 
The  procedure  should  use  the  structure  of  the  theocon  to  limit 
the  search  space,  much  as  the  human  procedures  do.  Ihis  new 
procedure  shold  be  able  to  recognize  and  "build  a  fence" 
around  potential  black-holes.  This  would  allow  it  to  give 
information  to  its  user,  which  in  turn  would  allow  the  user 
to  make  a  more  informed  decision.  The  procedure  should  inform 
the  user  when  it  has  the  potential  of  falling  into  a  black- 
hole. 

When  the  procedure  is  finished  working  around  the  black-hole 
(found  a  closure)  and  no  longer  has  the  possibility  of  running 
infinitely,  it  should  inform  the  user  of  this. 

It  should  be  noted  that  the  tighter  this  fence  is  around  the 
black-hole,  the  more  accurate  the  information  to  the  user.  A 
tighter  fence  also  means  the  less  likely  it  is  that  the 
procedure  will  venture  inside  the  fence. 

These  problems  are,  as  discussed  in  Chapter  5,  related  to  the 
semantics  of  structure. 
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CHAPTER  5 


A  New  Proof  Procedure 


In  this  chapter  a  new  proof  procedure  is  presented.  Although  it  is 
intended  for  machine  use,  it  is  presented  at  the  level  of  the  procedure 
in  Figure  4.  This  is  to  avoid  getting  bogged  down  in  the  details  of  a 
particular  inplementation. 

In  the  first  section  the  new  proof  procedure  and  sane  definitions  are 
set  forth.  The  second  section  contains  a  discussion  aimed  at  providing 
the  reader  with  an  understanding  of  the  new  procedure.  The  final 
section  is  a  comparison  of  this  ne*  procedure  with  ones  currently  in 
use. 

5.1    The  Procedure 

The  proof  procedure  is  presented  in  Figure  6.  Before 
looking  at  the  procedure  the  reader  should  become  aware 
of  structures  used  in  it.     They  are  as  follows: 

STACK  -  This  is  a  list  of  statonents  to  be  processed 

by  the  procedure.  It  may  be  ordered  to 
increase  efficiency. 

SCOPE  LIST  -  This  is  an  ordered  list  that  is  attached  or 
associated  with  a  statement.  Its  purpose  is 
to  keep  track  of  the  quantifiers  that  scope 
this  statement.  \ 

BRANCH  -  This   is   the   branch   of    the   proof    tree 

currently  being  investigated.  It  may  be 
represented  as  a  simple  list  of  the 
statanents  on  the  branch. 
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OPEN-  This  is  a  return  value   of    the   routine 

meaning  an  open  branch  has  been  found. 

Ohe  sub- procedures  PROVE,  COMBINE,  UNIFY,  and  COLLECT  are 
functions.  These  functions  all  return  a  set  of  bindings.  A 
binding  tells  us  what  a  quantifier  should  be  instantiated  to, 
in  order  to  produce  closure  in  part  of  the  tree.  The  overall 
plan  is  that  the  procedure  in  Figures  6A-6D  directs  the 
unifier  (UNIFY)  to  produce  all  of  the  closures  possible  betweei 
atomic  statements.  Then,  COLLECT  and  COfBINE  take  these 
closures  for  atonic  statements  and  produce  closures  for  parts 
of  the  tree.  A  closure  for  the  whole  tree  means  that  proof  by 
contradiction  can  be  made  ty  instantiating  the  quantifiers  for 
the  values  in  the  closure. 
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1.  Push   the   negation  of    the   theorem   onto   the 
SIPCK,  (Be  sure  its  SCOPE  LIST  is  empty) . 

2.  Start  with  BRM^CH  anpty. 

3.  PRCVE  (3IPCK,  BRANCH) 


Figure  6 A 
The  Augmentation  Step  o£  the  Proof  Procedure 
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PRCVE   (STACK,  BRMCH) : 

1.  Is  the  stack  anpty? 

^D:     Pop  a  statement  off  STACK 

Add  the  statement  to  the  branch. 
GO  TO  STEP  2 

YES:  REIUEN  "OPEN" 

2.  Is  the  statonent  atatdc? 

NO:     GO  TO  STEP  3 

YES:  RETURN  CCLLECT   (UNIFY   (STATEMENTjBR^CH) , 

mOJE   {SIPCK,   BRANCH)) 

3.  Is  the  statement  quantified? 

NO:     GO  TO  STEP  4 

YES:  Add  the  quantifier  to  the  statement's 
SCOPE  LIST 
RETURN  PRCVE   (STACK,  BRi^^CH) 

4.  Is  the  statanent's  main  connective  a  branching  one? 
(See  Figure  6D) 

NO:    Apply  the  relevant  non-branching  rule 

RETUFN  PRCVE   (STACK,  BRANCH) 
YES:  Apply  the  relevant  branching  rule,  producing 

two  stacks. 

RETURN  OO^BINE    (PRCVE (STACKl,  BRANCH) , 
PRCVE (ST.^ACK2,  BRANCH)) 
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Figure  6B 
New  Proof  Procedure 
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COLLECT  is  literally  a  union  operation  with  "OPEN" 
representing  the  anpty  set.  What  OCLLECT  does  is  collect  all 
of  the  sets  of  bindings  produced  fcy  a  single  branch. 

COMBINE,  on  the  other  hand,  takes  the  bindings  from  two 
branches  and  combines  them  to  form  a  single  set  of  bindings  to 
be  returned. 

UNIFY  is  the  routine  that  produces  these  sets  of  bindings.  A 
binding  represents  the  instantiations  required  to  make  the 
current  (atomic)  STATEMENT  form  a  closure  with  another 
statement  on  this  BR/a^CH.  The  set  of  bindings  produced  by 
UNIFY  is  the  set  of  all  such  instantiations  that  form  closure. 
If  this  set  is  enpty,   "OPEN"  is  returned. 


Figure  60 
Explanation  of  Auxiliary  Procedures 
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NON-BRANCH I^G  H3LES 


STATEMENT 

~  ~  A 

A  +  B 

~(A-  B) 

~(A  IF  B) 

EULE 

add  A  to  the  STACK 
add  A  and  B  to  the  STfCR 
add  ~A  and  ~B  to  the  STACK 
add  A  and  ~B  to  the  STPCK 


BRANCHING  HJLES 

A  -  B        add  A  to  stack,  producing  STPCK  1 
add  B  to  stack,  producing  STACK  2 

A  IF  B        add  ~A  to  stack,  producing  STi^CK  1 
add  B  to  stack,  producing  STACK  2 

A  IFF  B       add  A  and  B  to  stack,  producing  STi^K  1 
add  "A  and  ~B  to  stack,  producing  STAQC  2 

~(A  +  B)       add  ~A  to  stack,  producing  STACK  1 
add  ~B  to  stack,  producing  STACK  2 

~(A  IFF  B)     add  ~A  and  B  to  stack,  producing  STACK  1 
add  A  and  ~B  to  stack,  producing  STACK  2 


Figure  6D 
Connective  Rules 
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5.2    A  Closer  View 

At  a  high  level,  this  new  proof  procedure  looks  almost  like 
the  procedure  of  Figure  4.  Ihe  difference  between  the  two  are 
described  below.  From  this  high  level,  one  of  the  most 
outstanding  differences  is  the  way  in  which  quantifiers  are 
handled. 


5.2.1     Hie  Handling  of  Quantifiers 

Quantifiers,  in  this  procedure,  are  never  actually 
instantiated.  The  reason  for  this  is  that  black-holes  are 
caused  by  instantiation  cycles.  By  not  instantiating,  the 
proof  procedure  is  able  to  work  with  patterns  of  statonents 
and  control  information  about  the  variables  of  the  pattern. 
The  senantics  of  structure  provide  the  control  information  in 
the  form  of  Scope  Lists.  By  using  this  control  information 
and  the  pattern  of  a  statement,  UNIFY  can  identify  the 
instantiations  that  produce  closures  with  other  statements 
(patterns)  on  this  BEANCH. 


5.2.2    An  "Intelligent"  Unifier 

Once  these  patterns  of  statements  and  scope  lists  have  been 
created,  a  unifier  is  needed  that  is  capable  of  handling  this 
information.  The  unifier  must  be  able  to  utilize  this 
information  to  tell  when  two  instantiations  of  a  statement  are 
needed.  The  unifier  accepts  two  patterns  and  their  related 
scope  lists.  The  unifier  then  attanpts  to  find  a  binding  that 
when  instantiated  makes  the  patterns  literally  equal.  If  the 
unifier  fails,  the  patterns  may  not  be  unified  and  the  "OPEN" 
value  is  returned.  The  jdb  of  UNIFY  in  this  procedure  is  to 
call  the  unifier  to  find  a  set  of  closures  between  the  current 
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(atonic)  STATEMENT  and  each  of  the  (atonic)  statements  on  the 
current  BRANCH. 

The  first  thing  done  by  the  unifier  is  to  be  sure  the 
predicates  are  the  same.  This  is  done  by  an  equality 
operation,  and  if  it  fails,  so  does  the  unification.  The  next 
problem  facing  the  unifier  is  to  unify  the  variables  and 
constants  to  produce  the  binding.  The  rule  used  to  do  this 
is:  A  variable  may  be  bound  to  any  constant  that  is  not 
inside  its  scope  (i.e.,  following  it  on  the  scope  list).  The 
exception  to  this  rule  is  when  the  variable  and  constant  are 
from  different  statements  (meaning  the  two  statanents  being 
unified  are  substatements  of  the  same  super  statement) .  When 
this  happens,  the  statements  together  may  be  bound,  but  it 
must  be  noted  that  the  variable  is  from  the  second 
instantiation  of  the  pattern.  When  the  case  of  two 
instantiations  occurs,  the  unification  of  variables  and 
constants  must  start  again,  only  this  time  the  unifier  knows 
there  are  two  inst:antiations. 

As  the  unification  proceeds  the  scoping  rules  become  stricter. 
Uiis  is  the  result  of  the  binding  process.  When,  for  example, 
the  variable  X  is  bound  to  the  constant  A,  this  means  that  X 
is  inside  the  scope  of  A  or,  in  terms  of  the  proof  tree,  X 
must  be  instantiated  after  A  is  instantiated.  This  is  not 
very  constraining  in  itself,  but  constraint  comes  from  the 
fact  that  everything  that  was  inside  X  is  now  forced  to  be 
inside  everything  which  is  outside  of  A.  If,  at  any  time,  a 
variable  cannot  be  bound  to  a  constant  by  these  rules,  or  two 
constants  are  not  equal,  the  unification  fails. 

The  point  here  is  that  an  "intelligent"  unifier  using  the 
semantical  notion  of  scope  is  capable  of  making  all  possible 
closures  without  having  to  instantiate  any  of  the  statanents 
involved. 
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5.2.3     The  need  for  Collect  and  Canbine 

By  not  instantiating  quantifiers,  a  prcA)lem  with  soundness  and 
completeness  has  been  caused.  The  soundness  problem  is,  in 
the  procedure  described  so  far,  that  there  is  no  control  to 
insure  that  a  quantified  variable  on  different  branches  is 
instantiated  to  the  same  constant.  The  completeness  prctolan 
occurs  when  a  universally  quantified  variable  on  different 
branches  is  instantiated  to  the  same  constant.  Then,  v^en 
universally  quantified  "or"  branches  (the  branching  rules  of 
Figure  6D)  require  more  than  one  instantiation,  a  tree  is 
formed.  Ihe  outside  branches  have  been  looked  at  but  the 
interior  ones  have  not.  These  problems  both  occur  at  the 
place  where  two  branches  meet.  COMBINE  is  the  routine  that 
handles  these  pr<±)lQns  where  they  occur. 

CCLLECT  is  needed  to  put  together  two  sets  cf  bindings  on  the 
same  branch  into  a  single  set  of  bindings.  COMBINE  and 
COLLECT  are  very  closely  related  to  the  operations  of 
intersection  and  union.  This  duality  is  directly  related  to 
the  duality  of  "and"  and  "or." 


5.2.4     The  COLLECT  Routine 

Ihe  OQLLECr  routine  is  literally  a  union  operation,  as  stated 
in  Figure  6C.  The  union  operation  is  sufficient  for  this 
presentation,  but  some  improvenent  could  be  made.  The  most 
obvious  is  to  ronove  specific  bindings  when  a  more  general  one 
exists.  This  removes  redundancy  by  taking  the  most  general 
binding. 
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5.2.5    Ihe  COMBINE  Routine 

The  COMBINE  routine  is  related  to  the  intersection  operation. 
OC»BINE  is  more  complicated  than  intersection.  COMBINE'S 
intersection  process  must  consider  the  case  when  the  binding 
fran  one  set  is  more  general  than  the  one  fran  the  other.  In 
this  case,  the  binding  resulting  from  "intersection"  reflects 
the  most  specific  binding  tiiat  can  be  made  fran  the  two.  Hiis 
routine  must  also  be  mindful  of  multiple  instantiations, 
scoping  rules,  and  the  particular  scope  lists,  as  was  our 
unifier.  This  "intersection"  step  in  COMBINE  restores  the 
soundness  property  to  our  procedure.  It  insures  that  the 
resultant  bindings  produce  closure  for  both  branches  that  come 
from  the  branching  connective. 

The  second  step  in  COMBINE  is  to  insure  completeness.  The 
loss  of  completeness  come  when  a  branching  connective  is 
instantiated  multiple  times.  The  routine  PROVE  has  only 
looked  (through  patterns)  at  the  possible  closures  for 
instantiations  of  only  the  left  hand  branch  and  only  the  right 
hand  branch,  the  exterior  branches  of  the  tree.  In  this  case, 
there  are  also  interior  branches  that  have  not  been  looked  at 
yet.  In  order  to  make  the  procedure  complete,  we  can 
instantiate  the  branching  statement  for  the  values  in  the 
binding  and  add  them  to  the  STACK  and  ask  WDJE  to  tell  us  if 
it  closes.  But,  we  must  also  add  the  pattern  for  the 
branching  statement.  The  reason  for  this  is  that  the 
combination  of  left  and  right  hand  sides  of  a  branching 
statement  may  create  new  closures.  This  makes  the  procedure 
complete,  but,  unfortunately,  also  makes  it  semidecidable 
because  the  pattern  may  be  copied  from  the  second  pattern  of 
the  statonent  to  make  a  third,  and  so  on. 

Improvanents  can  be  made  to  eliminate  some  of   the  need  for 
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this  second  step.  If  one  of  the  bindings  in  the  first  step 
doesn't  require  any  instantiations  (just  that  variables  bound 
to  the  same  thing) ,  then  the  second  step  is  not  needed.  It  can 
already  be  deduced  that  the  tree  closes.  Other  improvonents 
can  be  inadef  but  are  not  necessary. 

This  procedure  has  limited  the  semidecidability  to  just 
branching  connectives  with  multiple  instantiations.  This 
allcws  the  procedure  to  inform  the  user  when  it  is  and  is  not 
in  danger  of  hitting  black-hole  areas.  Processing  in 
potential  black-hole  areas  is  a  last  resort,  to  be  done  only 
when  OC*BINEing  and  CCLLECTing  other  bindings  fail  to  produce 
a  closure  for  the  proof  tree. 


5.3    A  Ccmparison  with  Existing  Proof  Procedures 

The  new  procedure  presented  in  this  chapter  is,  as  are  the 
procedures  fran  (Zhapter  4,  sound,  canplete,  and  ssnidecidable. 
As  we  have  seen,  the  new  procedure  achieves  this  in  a  manner 
different  fran  the  other  procedures.  Let  us  see  how  this 
different  approach  affects  sane  other  properties  of  this  new 
procedure. 


5.3.1    Search  Space 

The  search  space  of  resolution  was  found  to  be  exploding 
canbinatorially.  The  LeBlanc  and  Wisdom  procedure  doesn't 
seem  to  have  this  problem.  The  new  procedure  has  an  even 
better  search  space  than  that  of  L^lanc  and  Wisdom  because  it 
uses  patterns  of  statements  instead  of  actual  instantiations 
of  them.  Ihis  means  that  the  new  procedure  exanines  all  the 
possible  instantiations  at  once,  instead  of  one  at  a  time. 
This  means  the  new  procedure  can  find  multiple  bindings  at 
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once  (possibly  infinite  if  a  binding  is  found  only  between 
variables) .  This  means  the  new  proof  procedure' s  search  space 
is  smaller  than  that  of  LeBlanc  and  Wisdom  and  very  much 
smaller  than  that  of  Resolution. 


5.3.2    Can  a  Fence  Be  Built  Around  Black-Holes? 

Previously,  no  proof  procedure  has  been  able  to  establish  a 
reasonable  fence  around  black-holes  and  inform  the  user  when 
it  is  necessary  to  venture  inside  the  fence.  As  we  have  seen, 
this  new  procedure,  because  of  the  way  soundness  and 
completeness  are  checked,  can  build  a  reasonable  fence  around 
black-holes. 

The  problem  of  not  being  able  to  spot  black-holes  originated 
in  the  soundness  constraints  of  human  proof  procedures.  The 
problem  was  then,  unknowingly,  propagated  into  machine  proof 
procedures. 


5.3.3    Complexity 

Resolution  is  the  simplest  procedure;  it  has  only  a  single 
rule  of  inference.  L^lanc  and  Wisdom's  procedure  is  next. 
The  new  procedure  seems  to  be  definitely  the  most  complex, 
which  means  it  will  be  harder  to  implement. 

The  reason  for  the  difference  in  complexity  is  the  amount  of 
explicit  use  of  sanantics  of  structure.  This  increased  use  of 
semantics  gives  a  smaller  search  space.  Bibel  in  [3] ,  also 
notes  that  routines  with  smaller  search  spaces  are  more 
complex. 


CHAPTER  6 
Implanentatiion 


The  realization  and  implementation  of  this  new  proof  procedure  is  the 
result  of  four  and  a  half  years  of  stu(^  and  ej^aeriinentation.  In  this 
chapter  the  motivation,  details  of  implementation,  and  some  results  of 
this  procedure  are  described. 


6.1    Motivation 

In  the  Spring  of  1979,  I  was  approached  by  two  professors, 
George  Georgacarakos  and  William  Schank-Hamlin,  with  the 
problem  of  building  consistency  trees  for  first  order 
predicate  calculus  statements.  A  consistency  tree  generator 
can  be  used  as  a  theorem  prover  by  negating  the  the<»:em. 
Professors  Georgacarakos  and  Schank-Hamlin  needed  a 
consistency  tree  generator  to  shew  sane  theorems  consistent 
which  were  too  large  to  be  done  by  hand  in  any  reasonable 
length  of  time. 


6.2    Details  o£  ImpleBentation 

In  order  to  understand  the  problan  better,  the  initial  task  of 
writing  a  program  to  build  trees  for  prepositional  calculus 
was  performed.  This  program  builds  trees  in  the  same  way 
logicians  do.  In  the  end,  this  initial  progran  resembled  the 
early  prover  of  Change  &  Lee.  It  is  a  decision  procedure  and 
runs  in  such  a  negligible  amount  of  time  that  its  speed  was 
never  benchmarked.  This  first  program  took  approximately 
eight  months  to  write. 
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The  next  step  was  to  add  the  existential  and  universal 
quantifiers  to  the  proof  procedures.  Again,  I  tried  to  look 
at  how  logicians  build  trees  that  involve  quantifiers  and  to 
emulate  than.  This  version  of  the  program  lodes  somewhat  like 
the  procedure  in  Figure  4.  This  is  probably  due  to  the  fact 
that  this  was  where  I  learned  how  to  build  consistency  trees. 
The  new  procedure  is  different  fran  that  in  figure  4,  because 
I  noticed  that  while  that  procedure  works  that  is  not  in  fact 
hew  I  build  consistency  trees. 

I  also  noticed  that  I  seem  to  have  very  little  problem  with 
"black-holes."  I  cut  them  off  ty  the  realization  of  "having 
done  this  before."  I  found  that  I  would  look  ahead  at  the 
ramifications  of  instantiating  a  variable,  before  I  actually 
created  a  new  instance  of  a  statement.  This  helps  greatly  in 
controlling  the  proof. 

This  new  proof  procedure  is  an  attempt  to  document  the  manner 
in  which  hew  I  prove  the ca: ems.  Seme  things  were  done  slightly 
differently  because  of  the  knewledge  that  the  user  of  the  new 
procedure  would  be  a  machine.  This  is  because  the  machine  is 
much  better  at  clerical  things  than  most  humans. 


6.3    Results 

Test  problons,  for  the  proof  procedure  in  this  thesis  and 
previous  "experimental"  versions,  were  derived  from  many 
sources.  The  author  generated  approximately  forty  formulas 
for  testing  specific  mechanisms  in  the  implanented  versions. 
The  next  set  of  formulas  is  all  the  formulas  found  in  the 
second  chapter  of  L^lanc  and  Wisdom.  About  twenty  formulas 
were  taken  from  the  twelfth  chapter  of  Church's  "Introduction 
to  Mathonatical  Reasoning."  Seme  more  difficult  formulas  were 
provided  by  G.    N.   Geosgacarakos  and  the  problem  known  as 
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"Challenge  Problan  1"   (CPl) ,  presented  to  the  Fourth  Workshop 
on  Automated  Deduction  by  Dr.  Peter  Andrews  was  also  used. 

This  proof  procedure  was   implemented  at  Kansas  State 

University  on  the  equivalent  of  an  IBM  4341,  running  LISP  atop 

VM/370.     "Hhe  program  ran  all  formulas  correctly  except  the 

last   class  of  formulas,    in  between  zero  to  twenty-three 

hundredths  of  a  cpu  seconds.      For   sane  reason,   CPl  and  the 

other  "difficult"  prcfclons  ran  much  more  slowly  (approximately 

43  cpu  seconds) .     On  the  surface,  CPl  does  not  appear   to  be 

two  orders  of  magnitude  larger  or  more  complex  than  any  of  the 

other  problans,  and  it  is  not.      The  problem  arises  in  this 

proof  procedure,    because  the  procedure  attanpts  to  find  all 

the  possible  bindings  that  will  yield  a  proof.     CPl  has  more 

than  16  million  of  these  bindings.     This  is  a  problem  with 

this  procedure.     All  other  procedures  known  to  this  author  /,f 

find  only  one  answer,  as  opposed  to  all  possible  answers. 
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CHAPTER  7 
Conclusions 

The  use  of  sonantics  of  structure  allows  a  proof  procedure  to  be  created 
with  an  improved  search  space  and  the  capability  to  "fence"  black-holes. 
This  procedure  was  arrived  at  by  examining  hew  logicians  really  prove 
theorems.  First,  the  logician  looks  down  a  branch  or  two  and  finds 
closures.  Bien  he  uses  the  procedure  in  Figvire  4  to  verify  that  one  of 
these  closures  is  correct.  By  examining  what  rules  the  logician  applied 
when  he  looked  ahead  down  that  branch  led  to  the  discovery  and  explicit 
use  of  semantics  of  structure  in  the  new  proof  procedure. 


7.1    Further  Research  in  ATP 

Some  other  semantic  techniques  have  just  recently  been  applied 
to  resolution  theorem  provers.  With  sane  work  these  could  be 
useful  additions  to  the  procedure  above.  These  techniques 
include  Bibel's  work  with  connection  graphs  in  [3]  and 
Walther's  work  with  the  typing  of  variables  and  constants  in 
[10] .  Both  of  these  have  shown  advances  in  ATP.  Possibly,  by 
combining  one  of  these  with  the  structural  semantics  presented 
here,  a  decision  procedure  may  be  found. 

Work  should  also  be  done  toward  the  goal  of  making  this 
procedure  seek  out  only  one  answer,  instead  of  many.  This  m^ 
be  done  through  the  use  of  advanced  control  structures.  These 
structures  should  use  the  semantical  information  of  structure 
of  the  formula  for  a  proof  (possibly  optimal) .  The  notation 
is  akin  to  the  view  in  software  engineering  that  the  structure 
of  the  inputs  and  outputs  determine  the  structure  of  the 
program. 
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7.2      Further  Research  Involving   the  Application   of 
Structural  Seaantics 


Sanantics  of  structure  may  be  used  in  related  areas  in  AI, 
expert  systans,  non-monotonic  reasoning,  and  natural  language 
systems.  Structural  semantics  may  benefit  automated 
progranming  efforts  as  in  the  previous  section.  It  could  also 
be  applied  to  many  search  problems.  The  search  may  benefit 
from  understanding  the  structure  of  the  search  space,  rather 
than  the  structure  of  an  individual  element  of  the  space. 
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ffiSlRACT 

Autanated  theorem  proving  is  a  central  theme  in  Artificial  Intelligence. 

Thecaron  prcvers  today  have  two  major  problems.     The  first  is  described 

fcy  Alan  Bundy,   "Resolution  collapses  under  the  weight  of  anything  the 

least  bit  difficult."     This  problem  is  a  result  of  the  search  space 

ej^loding  canbinatorially.     Bundy  points  out  that  guidance  heuristics,  i 

in  the  general  case,   do  little  to  curb  this  explosion,     Bie  second  \ 

problem  is  that  when  a  theorem  prover  runs  infinitely  it  has  no  way  of  ? 

detecting  this.      It  cannot  build  a  fence  around  this  "Black-Hole",  in 

order  to  inform  the  user  when  it  might  be  running  infinitely. 

These  problems  are  addressed,  and,  in  seme  sense,  solved  in  this  thesis. 

Uie  search  space  is  improved  to  be  similar  to  that  used  by  a  human  and  a 

fence  can  new  be  built  around  Black-Holes.     The  way  this  has  been  done 

is  by  the  use  of  the  semantics  of  structure.     By  using  these  semantics, 

an  "intelligent"  unifier  may  be  built,  which  can  create  all  the  possible  ^ 

variable  bindings  for  a  statement,  instead  of  one  at  a  time,  as  with 

current  unifiers. 

i 
The  use  of  semantics  of  structure  and  an  "intelligent"  unifier  have 
allewed  a  new  type  of  proof  procedure  to  be  developed.  The  procedure  is 
described  in  detail.  / 


